The phpMyAdmin project reports:
Summary
Self-XSS due to unescaped HTML output in navigation items hiding feature.
Description
When hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS.
External references:
http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php